feat: [safety] string encrypt plugin.

1. daemon plugin provide public key and decryption;
2. dfm plugin do encrypt for user inputs;

Log: as title.

Bug: https://pms.uniontech.com/bug-view-259823.html
Bug: https://pms.uniontech.com/bug-view-259825.html

src/plugins/common/dfmplugin-dirshare/utils/usersharehelper.cpp

@@ -31,6 +31,7 @@
 #include <pwd.h>
 #include <unistd.h>
 
+Q_DECLARE_METATYPE(QString *)
 DFMBASE_USE_NAMESPACE
 namespace dfmplugin_dirshare {
 
@@ -141,7 +142,15 @@ bool UserShareHelper::share(const ShareInfo &info)
 
 void UserShareHelper::setSambaPasswd(const QString &userName, const QString &passwd)
 {
-    QDBusReply<bool> reply = userShareInter->call(DaemonServiceIFace::kFuncSetPasswd, userName, passwd);
+    QString encPass;
+    auto ret = dpfSlotChannel->push("dfmplugin_stringencrypt", "slot_OpenSSL_EncryptString",
+                                    passwd, &encPass);
+    if (ret != 0) {
+        fmWarning() << "cannot encrypt password!!!";
+        DialogManagerInstance->showErrorDialog(tr("Error"), tr("Cannot encrypt password"));
+        return;
+    }
+    QDBusReply<bool> reply = userShareInter->call(DaemonServiceIFace::kFuncSetPasswd, userName, encPass);
     bool result = reply.isValid() && reply.error().message().isEmpty();
     fmInfo() << "Samba password set result :" << result << ",error msg:" << reply.error().message();
 

src/plugins/daemon/CMakeLists.txt

@@ -5,3 +5,4 @@ add_subdirectory(daemonplugin-accesscontrol)
 add_subdirectory(daemonplugin-sharecontrol)
 add_subdirectory(daemonplugin-anything)
 add_subdirectory(daemonplugin-mountcontrol)
+add_subdirectory(daemonplugin-stringdecrypt)

src/plugins/daemon/daemonplugin-accesscontrol/accesscontroldbus.cpp

@@ -7,6 +7,7 @@
 #include "polkit/policykithelper.h"
 
 #include <dfm-base/base/device/deviceutils.h>
+#include <dfm-framework/dpf.h>
 
 #include <QDebug>
 #include <QDBusConnection>
@@ -21,6 +22,7 @@
 #include <sys/mount.h>
 #include <sys/stat.h>
 
+Q_DECLARE_METATYPE(QString *)
 DFMBASE_USE_NAMESPACE
 DAEMONPAC_USE_NAMESPACE
 
@@ -212,8 +214,16 @@ void AccessControlDBus::ChangeDiskPassword(const QString &oldPwd, const QString
         return;
     }
 
-    const QByteArray &tmpOldPwd = oldPwd.toLocal8Bit();
-    const QByteArray &tmpNewPwd = newPwd.toLocal8Bit();
+    QString oldPwdDec, newPwdDec;
+    int r = dpfSlotChannel->push("daemonplugin_stringdecrypt", "slot_OpenSSL_DecryptString", oldPwd, &oldPwdDec).toInt();
+    r = dpfSlotChannel->push("daemonplugin_stringdecrypt", "slot_OpenSSL_DecryptString", newPwd, &newPwdDec).toInt();
+    if (r != 0) {
+        fmCritical() << "cannot decrypt password!!!";
+        return;
+    }
+
+    const QByteArray &tmpOldPwd = oldPwdDec.toLocal8Bit();
+    const QByteArray &tmpNewPwd = newPwdDec.toLocal8Bit();
 
     int ret = kNoError;
     QStringList successList;

src/plugins/daemon/daemonplugin-sharecontrol/sharecontroldbus.cpp

@@ -7,12 +7,16 @@
 #include "dbusadapter/sharecontrol_adapter.h"
 #include "daemonplugin_sharecontrol_global.h"
 
+#include <dfm-framework/dpf.h>
+
 #include <QDBusConnection>
 #include <QDBusConnectionInterface>
 #include <QDebug>
 #include <QProcess>
 #include <QFileInfo>
 
+Q_DECLARE_METATYPE(QString *)
+
 static constexpr char kUserShareObjPath[] { "/com/deepin/filemanager/daemon/UserShareManager" };
 static constexpr char kPolicyKitActionId[] { "com.deepin.filemanager.daemon.UserShareManager" };
 DAEMONPSHARECONTROL_USE_NAMESPACE
@@ -73,18 +77,26 @@ bool ShareControlDBus::SetUserSharePassword(const QString &name, const QString &
         return false;
     }
 
-    fmDebug() << name;   // << passward; // log password?
+    QString clearPasswd;
+    int ret = dpfSlotChannel->push("daemonplugin_stringdecrypt", "slot_OpenSSL_DecryptString",
+                                   passwd, &clearPasswd)
+                      .toInt();
+    if (ret != 0) {
+        fmWarning() << "cannot decrypt password!!!";
+        return false;
+    }
+
     QStringList args;
     args << "-a" << name << "-s";
     QProcess p;
     p.start("smbpasswd", args);
-    p.write(passwd.toStdString().c_str());
+    p.write(clearPasswd.toStdString().c_str());
     p.write("\n");
-    p.write(passwd.toStdString().c_str());
+    p.write(clearPasswd.toStdString().c_str());
     p.closeWriteChannel();
-    bool ret = p.waitForFinished();
+    bool r = p.waitForFinished();
     fmDebug() << p.readAll() << p.readAllStandardError() << p.readAllStandardOutput();
-    return ret;
+    return r;
 }
 
 bool ShareControlDBus::EnableSmbServices()

src/plugins/daemon/daemonplugin-stringdecrypt/CMakeLists.txt

@@ -0,0 +1,50 @@
+cmake_minimum_required(VERSION 3.10)
+
+project(daemonplugin-stringdecrypt)
+
+set(CMAKE_INCLUDE_CURRENT_DIR ON)
+
+FILE(GLOB FILEOPERATIONS_FILES
+    "${CMAKE_CURRENT_SOURCE_DIR}/*.h"
+    "${CMAKE_CURRENT_SOURCE_DIR}/*.cpp"
+    "${CMAKE_CURRENT_SOURCE_DIR}/*/*.h"
+    "${CMAKE_CURRENT_SOURCE_DIR}/*/*.cpp"
+    "${CMAKE_CURRENT_SOURCE_DIR}/*.json"
+    "${CMAKE_CURRENT_SOURCE_DIR}/*.xml"
+    "${CMAKE_CURRENT_SOURCE_DIR}/*/*.policy"
+    )
+
+find_package(PkgConfig REQUIRED)
+pkg_check_modules(OpenSSL REQUIRED openssl)
+
+add_library(${PROJECT_NAME}
+    SHARED
+    ${FILEOPERATIONS_FILES}
+)
+
+set_target_properties(${PROJECT_NAME} PROPERTIES LIBRARY_OUTPUT_DIRECTORY ../../)
+
+find_package(Qt5 COMPONENTS
+    DBus
+    REQUIRED
+)
+
+target_link_libraries(${PROJECT_NAME}
+    DFM::framework
+    DFM::base
+    Qt5::DBus
+    ${OpenSSL_LIBRARIES}
+)
+
+#install library file
+install(TARGETS
+    ${PROJECT_NAME}
+    LIBRARY
+    DESTINATION
+    ${DFM_PLUGIN_DAEMON_EDGE_DIR}
+)
+
+execute_process(COMMAND qdbuscpp2xml stringdecryptdbus.h -o ./stringdecryptdbus.xml
+   WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+execute_process(COMMAND qdbusxml2cpp -i stringdecryptdbus.h -c StringDecryptAdapter -l StringDecryptDBus -a stringdecrypt_adapter stringdecryptdbus.xml
+   WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})

src/plugins/daemon/daemonplugin-stringdecrypt/opensslhandler.cpp

@@ -0,0 +1,80 @@
+// SPDX-FileCopyrightText: 2024 UnionTech Software Technology Co., Ltd.
+//
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+#include "opensslhandler.h"
+
+#include <openssl/pem.h>
+
+using namespace daemonplugin_stringdecrypt;
+
+OpenSSLHandler *OpenSSLHandler::instance()
+{
+    static OpenSSLHandler ins;
+    return &ins;
+}
+
+void OpenSSLHandler::initKeyPairs()
+{
+    if (rsa)
+        return;
+    rsa = RSA_generate_key(2048, RSA_F4, nullptr, nullptr);
+
+    BIO *bioPrivKey = BIO_new(BIO_s_mem());
+    PEM_write_bio_RSAPrivateKey(bioPrivKey, rsa, nullptr, nullptr, 0, nullptr, nullptr);
+    char *privKeyBuf;
+    long privKeyLen = BIO_get_mem_data(bioPrivKey, &privKeyBuf);
+    auto privKey = QByteArray(privKeyBuf, privKeyLen);
+    BIO_free(bioPrivKey);
+
+    BIO *bioPubKey = BIO_new(BIO_s_mem());
+    PEM_write_bio_RSA_PUBKEY(bioPubKey, rsa);
+    char *pubKeyBuf;
+    long pubKeyLen = BIO_get_mem_data(bioPubKey, &pubKeyBuf);
+    auto pubKey = QByteArray(pubKeyBuf, pubKeyLen);
+    BIO_free(bioPubKey);
+
+    keys = { pubKey, privKey };
+}
+
+QString OpenSSLHandler::pubKey() const
+{
+    return keys.first;
+}
+
+int OpenSSLHandler::decrypt(const QString &in, QString *out)
+{
+    Q_ASSERT(rsa);
+    Q_ASSERT(out);
+
+    QByteArray cipher = QByteArray::fromBase64(in.toLocal8Bit());
+
+    int rsaSize = RSA_size(rsa);
+    unsigned char *decrypted = new unsigned char[rsaSize];
+    int decryptedLen = RSA_private_decrypt(cipher.length(),
+                                           reinterpret_cast<const unsigned char *>(cipher.data()),
+                                           decrypted,
+                                           rsa,
+                                           RSA_PKCS1_PADDING);
+
+    if (decryptedLen == -1) {
+        delete[] decrypted;
+        return -1;
+    }
+
+    QByteArray source(reinterpret_cast<char *>(decrypted), decryptedLen);
+    *out = QString(source);
+    delete[] decrypted;
+    return 0;
+}
+
+OpenSSLHandler::OpenSSLHandler(QObject *parent)
+{
+}
+
+OpenSSLHandler::~OpenSSLHandler()
+{
+    if (rsa)
+        RSA_free(rsa);
+    rsa = nullptr;
+}

src/plugins/daemon/daemonplugin-stringdecrypt/opensslhandler.h

@@ -0,0 +1,34 @@
+// SPDX-FileCopyrightText: 2024 UnionTech Software Technology Co., Ltd.
+//
+// SPDX-License-Identifier: GPL-3.0-or-later
+#ifndef OPENSSLHANDLER_H
+#define OPENSSLHANDLER_H
+
+#include <QObject>
+
+#include <openssl/rsa.h>
+
+namespace daemonplugin_stringdecrypt {
+
+class OpenSSLHandler : public QObject
+{
+    Q_OBJECT
+
+public:
+    static OpenSSLHandler *instance();
+
+    void initKeyPairs();
+
+    QString pubKey() const;
+    int decrypt(const QString &in, QString *out);
+
+private:
+    explicit OpenSSLHandler(QObject *parent = nullptr);
+    ~OpenSSLHandler();
+
+    RSA *rsa { nullptr };
+    QPair<QString, QString> keys;
+};
+}
+
+#endif   // OPENSSLHANDLER_H

src/plugins/daemon/daemonplugin-stringdecrypt/stringdecrypt.json

@@ -0,0 +1,14 @@
+{
+    "Name" : "daemonplugin-stringdecrypt",
+    "Version" : "1.0.0",
+    "CompatVersion" : "1.0.0",
+    "Vendor" : "The Uniontech Software Technology Co., Ltd.",
+    "Copyright" : "Copyright (C) 2024 Uniontech Software Technology Co., Ltd.",
+    "License" : [
+    ],
+    "Category" : "",
+    "Description" : "The string decrypt plugin for the dde-file-manager-daemon.",
+    "UrlLink" : "https://www.uniontech.com",
+    "Depends" : [
+    ]
+}

src/plugins/daemon/daemonplugin-stringdecrypt/stringdecrypt_adapter.cpp

@@ -0,0 +1,41 @@
+/*
+ * This file was generated by qdbusxml2cpp version 0.8
+ * Command line was: qdbusxml2cpp -i stringdecryptdbus.h -c StringDecryptAdapter -l StringDecryptDBus -a stringdecrypt_adapter stringdecryptdbus.xml
+ *
+ * qdbusxml2cpp is Copyright (C) 2017 The Qt Company Ltd.
+ *
+ * This is an auto-generated file.
+ * Do not edit! All changes made to it will be lost.
+ */
+
+#include "stringdecrypt_adapter.h"
+#include <QtCore/QMetaObject>
+#include <QtCore/QByteArray>
+#include <QtCore/QList>
+#include <QtCore/QMap>
+#include <QtCore/QString>
+#include <QtCore/QStringList>
+#include <QtCore/QVariant>
+
+/*
+ * Implementation of adaptor class StringDecryptAdapter
+ */
+
+StringDecryptAdapter::StringDecryptAdapter(StringDecryptDBus *parent)
+    : QDBusAbstractAdaptor(parent)
+{
+    // constructor
+    setAutoRelaySignals(true);
+}
+
+StringDecryptAdapter::~StringDecryptAdapter()
+{
+    // destructor
+}
+
+QString StringDecryptAdapter::PublicKey()
+{
+    // handle method call com.deepin.filemanager.daemon.EncryptKeyHelper.PublicKey
+    return parent()->PublicKey();
+}
+

src/plugins/daemon/daemonplugin-stringdecrypt/stringdecrypt_adapter.h

@@ -0,0 +1,54 @@
+/*
+ * This file was generated by qdbusxml2cpp version 0.8
+ * Command line was: qdbusxml2cpp -i stringdecryptdbus.h -c StringDecryptAdapter -l StringDecryptDBus -a stringdecrypt_adapter stringdecryptdbus.xml
+ *
+ * qdbusxml2cpp is Copyright (C) 2017 The Qt Company Ltd.
+ *
+ * This is an auto-generated file.
+ * This file may have been hand-edited. Look for HAND-EDIT comments
+ * before re-generating it.
+ */
+
+#ifndef STRINGDECRYPT_ADAPTER_H
+#define STRINGDECRYPT_ADAPTER_H
+
+#include <QtCore/QObject>
+#include <QtDBus/QtDBus>
+#include "stringdecryptdbus.h"
+QT_BEGIN_NAMESPACE
+class QByteArray;
+template<class T> class QList;
+template<class Key, class Value> class QMap;
+class QString;
+class QStringList;
+class QVariant;
+QT_END_NAMESPACE
+
+/*
+ * Adaptor class for interface com.deepin.filemanager.daemon.EncryptKeyHelper
+ */
+class StringDecryptAdapter: public QDBusAbstractAdaptor
+{
+    Q_OBJECT
+    Q_CLASSINFO("D-Bus Interface", "com.deepin.filemanager.daemon.EncryptKeyHelper")
+    Q_CLASSINFO("D-Bus Introspection", ""
+"  <interface name=\"com.deepin.filemanager.daemon.EncryptKeyHelper\">\n"
+"    <method name=\"PublicKey\">\n"
+"      <arg direction=\"out\" type=\"s\"/>\n"
+"    </method>\n"
+"  </interface>\n"
+        "")
+public:
+    StringDecryptAdapter(StringDecryptDBus *parent);
+    virtual ~StringDecryptAdapter();
+
+    inline StringDecryptDBus *parent() const
+    { return static_cast<StringDecryptDBus *>(QObject::parent()); }
+
+public: // PROPERTIES
+public Q_SLOTS: // METHODS
+    QString PublicKey();
+Q_SIGNALS: // SIGNALS
+};
+
+#endif